Bug 625399 - remmina exposes passwords to "ps"
remmina exposes passwords to "ps"
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: remmina (Show other bugs)
12
All Linux
low Severity medium
: ---
: ---
Assigned To: Christoph Wickert
Fedora Extras Quality Assurance
https://sourceforge.net/tracker/?func...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-08-19 06:20 EDT by Jason Haar
Modified: 2010-10-30 20:46 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-10-30 20:14:38 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jason Haar 2010-08-19 06:20:52 EDT
Description of problem:

says it all really. remmina uses the "-pPASSWORD" option in rdesktop instead of using "-p -" and passing the password on stdout - as tsclient does

Version-Release number of selected component (if applicable):

remmina-0.7.5-1.fc12.i686

How reproducible:

connect to a RDP client and then run "ps aux|grep rdesktop" in a terminal

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Christoph Wickert 2010-09-08 12:16:48 EDT
Thanks for your bug report. I have forwarded it to the upstream bug tracker at 
https://sourceforge.net/tracker/?func=detail&aid=3062032&group_id=278330&atid=1181674

Nevertheless I'll leave this one open until the problem is resolved.
Comment 2 Christoph Wickert 2010-10-30 20:14:38 EDT
Upstream has decided to not fix the issue as they have switched to freerdp now. I will try to bring the new version to Fedora soon.
Comment 3 Jason Haar 2010-10-30 20:31:36 EDT
Are you sure it's still a problem?

I'm now running F13, and "ps" shows

rdesktop -u user-name -d dom -p XXXXXXXXXXXXXX -a 24

...instead of the password. Maybe something changed in rdesktop to hide the password string?

This is with

rdesktop-1.6.0-7.fc12.i686
remmina-0.7.5-1.fc13.i686
Comment 4 Christoph Wickert 2010-10-30 20:46:34 EDT
Confirmed, same behavior on Fedora 14, versions of the packages are the same.

I know for sure that remmina has not changed and according to the changelog rdesktop has not changed ether. Anyway, the issue is fixed (I never verified it actually existed, I just relied on the bug report).

Note You need to log in before you can comment on or make changes to this bug.